Cloud Security Engineer Tombola

At Tombola, we take security seriously – but we also like to have a bit of fun while we’re at it! As our Cloud Security Engineer, you’ll be building on our existing operational security, with a special focus on protecting our cloud infrastructure. You’ll be hands-on, designing, implementing, and managing top-notch security solutions across all our cloud environments.

You’ll also play a key part in developing our vulnerability management program, working closely with our operational support, infrastructure, and development teams. Plus, you’ll be right in the thick of security event monitoring, threat intelligence, and incident management – keeping us one step ahead!

What you’ll be doing:

1. Delivering SOC Capabilities:You’ll be a key team member in delivering ongoing Security Operations Centre (SOC) capabilities for the business.
2. Driving Automation:You’ll push for security automation wherever possible and play a big part in evolving our security tooling and services.
3. Policy & Standards:You’ll champion the adoption and adherence to our InfoSec policy, standards, and guidelines.
4. Threat Intelligence:You’ll monitor and apply current and emerging threat intelligence, using tools like Google Threat Intelligence to proactively spot and tackle digital threats.
5. Incident Response:You’ll actively monitor for security incidents and jump into action with our incident response teams to contain, investigate, and prevent future security hiccups.
6. Defining Controls:You’ll help define our operational security requirements and put the right controls in place to keep security risks at bay, all while sticking to regulations and industry best practices.
7. Collaboration:You’ll work hand-in-hand with our Infrastructure, Platform, and IT Services teams, making the most of a SecOps approach.
8. Mentoring:You’ll provide guidance and support to less experienced team members, helping them grow.
9. Data Loss Prevention (DLP):You’ll monitor, maintain, and enhance our DLP controls across email, endpoints, and cloud services.
10. Data-Centric Security:You’ll champion a data-centric security approach, making sure data classification, handling, and protection are embedded from design to deployment.
11. Zero Trust:You’ll promote and support Zero Trust Architecture principles, continuously verifying identities, devices, and access requests.
12. Security Awareness:You’ll develop and maintain internal security awareness materials to educate our staff on evolving threats.
13. Attack Simulation:You’ll contribute to planning and delivering attack simulation training (like phishing campaigns) to boost user resilience.
14. Flutter Collaboration:You’ll liaise with other Flutter brands, ensuring our security approaches and technology align.
15. Cloud Security Integration:You’ll work with development, DevOps, and cloud engineering teams to embed cloud security controls into our CI/CD workflows and infrastructure-as-code.
16. Cloud Security Posture:You’ll utilise cloud-native and third-party security tools to keep an eye on our cloud security posture and ensure we’re always aligned with best practices.

What you’ll bring:

• Hands-on technical experience supporting security solutions on cloud technology platforms (preferably AWS, including EC2, VPC, IAM, S3, Control Tower, Config, Security Hub) and traditional on-premise environments.
• Awareness of how to secure a mix of Linux, Windows, Apple & Android OS.
• Knowledge of network perimeter security, including firewalls, WAF, anti-virus, and O365 compliance & security centre.
• Familiarity with NIST (CSF Framework 2.0), ISO 27001, PCI-DSS, and GDPR.
• Experience operating and managing SIEM solutions, vulnerability management tools, and secure configuration tooling.
• Ability to use PowerShell and Python scripting for security automation.
• Experience working in or with agile and/or SecOps oriented teams.
• A proven track record of analysing security requirements and applying architectural best practices.
• Previous work experience in an IT, InfoSec, or system administration role.
• Commercial awareness and the ability to balance security needs with operational flexibility.
• Confidence in promoting security best practices across all business levels.

Bonus points if you have:

• Professional qualifications like CompTIA Security+ or AWS certifications.
• Experience contributing to the security architecture and design of cloud-native solutions, including secure workload deployment, cloud network segmentation, and IAM strategies within AWS.
• Proficiency in implementing and managing Cloud Security Posture Management (CSPM) tools.
• Knowledge of Cloud Workload Protection Platforms (CWPP) for securing containers, serverless workloads, and virtual machines.
• Working knowledge of DevSecOps methodologies.
• Ability to contribute to cloud solution threat modelling and secure design reviews.

A bit about you:

• Passion! You’re genuinely passionate about your career path and love what you do.
• Communication skills. You can express your ideas clearly, whether you’re chatting with technical gurus or non-technical colleagues.
• A desire to learn. We’re all about continuous improvement, and we want people who want to improve themselves too.
• Confidence to suggest improvements. Got a brilliant idea? We want to hear it! We’re always looking to do things better.
• Highly motivated with a “can do” attitude and the ability to use your own initiative.
• A “down to earth” working style.
• Spirit of fun and engagement!

#J-18808-Ljbffr